How to Install and Use CSF on CentOS 8

Installation Process:

Check the installed version of the OS

[root@LinuxHelp ~]# cat /etc/centos-release
CentOS Linux release 8.0.1905 (Core) 

Install the CSF dependencies

[root@LinuxHelp ~]# yum install perl-libwww-perl.noarch perl-Time-HiRes -y
Last metadata expiration check: 0:15:36 ago on Friday 27 December 2019 08:48:19 AM IST.
Dependencies resolved.
================================================================================================================
 Package                             Arch               Version                     Repository             Size
================================================================================================================
Installing:
 perl-Time-HiRes                     x86_64             1.9758-1.el8                AppStream              61 k
 perl-libwww-perl                    noarch             6.34-1.el8                  AppStream             212 k
Installing dependencies:
 perl-Compress-Raw-Bzip2             x86_64             2.081-1.el8                 AppStream              40 k
 ….
….
(8/23): perl-HTML-Tagset-3.20-33.el8.noarch.rpm                                 161 kB/s |  24 kB     00:00    
(9/23): perl-HTML-Parser-3.72-14.el8.x86_64.rpm                                 526 kB/s | 119 kB     00:00    
  ….
perl-TimeDate-1:2.30-13.el8.noarch                      perl-Try-Tiny-0.30-2.el8.noarch                       
  perl-WWW-RobotRules-6.02-18.el8.noarch                 

Complete!

Change to the /mnt directory to download CSF

[root@LinuxHelp ~]# cd /mnt

Use the following command to download CSF

[root@LinuxHelp mnt]# wget https://download.configserver.com/csf.tgz
--2019-12-27 09:04:44--  https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 85.10.199.177
Connecting to download.configserver.com (download.configserver.com)|85.10.199.177|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2048949 (2.0M) [application/x-gzip]
Saving to: ‘csf.tgz’
csf.tgz                     100%[===========================================>]   1.95M   758KB/s    in 2.6s    
2019-12-27 09:04:47 (758 KB/s) - ‘csf.tgz’ saved [2048949/2048949]

Extract the downloaded CSF tar file

[root@LinuxHelp mnt]# tar -xvf csf.tgz
csf/
csf/csf.deny
csf/reselleralert.txt
csf/csf.directadmin.pignore
csf/csf.service
csf/processtracking.txt
csf/downloadservers
csf/webminalert.txt
csf/filealert.txt
csf/lfd.service
csf/csf.logignore
csf/scriptalert.txt
csf/csf.suignore
csf/install.cpanel.sh
…
….
csf/uninstall.generic.sh
csf/csf.cyberpanel.pignore
csf/install.directadmin.sh

Move the extracted csf directory under /usr/src

[root@LinuxHelp mnt]# mv csf /usr/src/

Then change to the csf directory

[root@LinuxHelp mnt]# cd /usr/src/csf/

List the contents of the current directory in long format

[root@LinuxHelp csf]# ls -la
total 2504
drwxr-xr-x. 21 root root   4096 Oct 21 15:32 .
drwxr-xr-x.  5 root root   4096 Dec 27 09:07 ..
-rw-r--r--.  1 root root    124 Feb  1  2013 accounttracking.txt
-rw-r--r--.  1 root root    181 Feb  1  2013 alert.txt
-rwxr-xr-x.  1 root root    976 Aug 11 20:24 apf_stub.pl
-rwxr-xr-x.  1 root root  14750 Aug  4 21:29 auto.cwp.pl
….
….
-rw-r--r--.  1 root root    747 Feb 17  2018 csf.rblconf
-rw-r--r--.  1 root root   1865 Jun 30  2018 csf.rbls
…
…
-rw-r--r--.  1 root root    146 May 23  2013 webminalert.txt
-rw-r--r--.  1 root root   1225 Aug 12 16:09 x-arf.txt

Run the install.sh script to install CSF

[root@LinuxHelp csf]# sh install.sh 
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: created directory '/etc/csf'
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Using configuration defaults
...Perl modules OK
mkdir: cannot create directory ‘/etc/csf’: File exists
mkdir: created directory '/var/lib/csf'
mkdir: created directory '/var/lib/csf/backup'
…
….
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

Edit the configuration file so that the lfd service can start

[root@LinuxHelp bin]# vim /etc/csf/csf.conf 
# By default csf runs in testing mode, so we have to disable it
TESTING = "0"

Start the csf and lfd services

[root@LinuxHelp bin]# systemctl start csf lfd

Enable both services

[root@LinuxHelp bin]# systemctl enable csf lfd

Use the following command to start CSF

[root@LinuxHelp bin]# csf -s
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
….
….
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
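
The TESTING edit made earlier and the RESTRICT_SYSLOG warning printed above can both be checked from a script. This is an added example, not part of the original guide or of csf itself; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a csf.conf for the settings this guide touches.
# csf.conf settings have the form:  NAME = "value"

# Print the value of setting $2 in config file $1 (empty if not set).
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return 1 if anything was found, else 0.
csf_audit() {
    findings=0
    if [ "$(csf_get "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\": csf is still in testing mode and lfd will not start"
        findings=1
    fi
    if [ "$(csf_get "$1" RESTRICT_SYSLOG)" = "0" ]; then
        echo "RESTRICT_SYSLOG is \"0\": read the SECURITY WARNING in csf.conf"
        findings=1
    fi
    return "$findings"
}

# Constructed sample, not a real csf.conf. The second line is mistyped
# (wrong case, curly quotes), so this audit does not count it as TESTING.
sample_conf() {
    cat <<'EOF'
# TESTING = "0"   (commented out, ignored)
Testing=”0”
TESTING = "1"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "0"
EOF
}

# Demo on the sample; on a real host pass /etc/csf/csf.conf instead.
conf=$(mktemp)
sample_conf > "$conf"
csf_audit "$conf" || echo "=> fix the findings, then reload csf"
rm -f "$conf"
```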

To allow an IP address in the CSF firewall

[root@LinuxHelp bin]# csf -a 192.168.7.221
Adding 192.168.7.221 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  192.168.7.221  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.221  

This is the file where allowed IP addresses are stored

[root@LinuxHelp bin]# vim /etc/csf/csf.allow 

To deny an IP address in the CSF firewall

[root@LinuxHelp bin]# csf -d 192.168.7.222
Adding 192.168.7.222 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.7.222  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.222  

This is the file where denied IP addresses are stored

[root@LinuxHelp bin]# vim /etc/csf/csf.deny
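
Because both list files can be edited by hand, the same address can end up in csf.allow and csf.deny at once. The check below is an added example, not part of the original guide or of csf; the function names and sample entries are constructed, and it compares only plain IP/CIDR entries.

```shell
#!/bin/sh
# Added example: find addresses listed in both csf.allow and csf.deny.

# Print each plain IP/CIDR entry that appears in both files ($1 = allow
# list, $2 = deny list). Comments, blank lines, "Include" lines and
# advanced rules (fields separated by "|") are skipped, not interpreted.
csf_conflicts() {
    awk '
        { sub(/#.*/, "") }                                   # strip comments
        NF == 0 || $1 ~ /[|]/ || tolower($1) == "include" { next }
        FILENAME == ARGV[1] { allow[$1] = 1; next }          # first file
        ($1 in allow) && !seen[$1]++ { print $1 }            # second file
    ' "$1" "$2"
}

# Constructed sample entries, not copied from a real host.
sample_allow() {
    cat <<'EOF'
# constructed csf.allow
192.168.7.221 # Manually allowed - Fri Dec 27 09:30:00 2019
tcp|in|d=22|s=192.168.7.222
10.0.0.0/8
EOF
}

sample_deny() {
    cat <<'EOF'
# constructed csf.deny
192.168.7.222 # Manually denied - Fri Dec 27 09:31:00 2019
192.168.7.221 # added by hand in an editor
192.168.7.221
EOF
}

# Demo on the samples; on a real host pass /etc/csf/csf.allow and
# /etc/csf/csf.deny instead.
dir=$(mktemp -d)
sample_allow > "$dir/csf.allow"
sample_deny  > "$dir/csf.deny"
for ip in $(csf_conflicts "$dir/csf.allow" "$dir/csf.deny"); do
    echo "listed in both csf.allow and csf.deny: $ip"
done
rm -rf "$dir"
```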

Use the following command to remove an IP address from the allowed list

[root@LinuxHelp bin]# csf -ar 192.168.7.221
Removing rule...
ACCEPT  all opt -- in !lo out *  192.168.7.221  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.221  

Use the following command to remove an IP address from the denied list

[root@LinuxHelp bin]# csf -dr 192.168.7.222
Removing rule...
DROP  all opt -- in !lo out *  192.168.7.222  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.222  

Use the following command to reload CSF

[root@LinuxHelp bin]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
…..
….
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

With this, the method to install CSF on CentOS 8 comes to an end.

FAQ
Q
How do I deny an IP address in CSF from the command line?
A
To deny an IP address in CSF from the command line
# csf -d mention_the_ipaddress
Q
How do I add an IP address in CSF from the command line?
A
To add an IP address in CSF from the command line
# csf -a mention_the_ipaddress
Q
What is the command to reload the csf firewall?
A
The command to reload the csf firewall is
# csf -r
Q
What is the csf configuration file location?
A
The configuration file location of csf is /etc/csf/csf.conf
Q
What is Config Server Firewall (CSF)?
A
Config Server Firewall (CSF) is a free Stateful Packet Inspection (SPI) firewall for most Linux distributions. It also provides login/intrusion detection for applications such as SSH, SMTP, IMAP, POP3 and the "su" command.